Without a doubt, the cybersecurity insurance landscape is very confusing at the moment.
There are many due diligence activities required in order to answer these questions, and with the ever-evolving exposure scenarios (e.g., “zero-day” threats) targeting companies, it raises the question, “How much insurance will be enough?”
Just as other insurance aspects of our personal and corporate lives have undergone many calibrations over time (due to legislation, public opinion, compliance, etc.), I suspect that the cybersecurity insurance framework will undergo a similar evolution.
However, one significant takeaway from the seminar was learning the important first step all companies should take – model their cyber assets and associated business processes against the security risk management framework most applicable to them and their industry. Whether it is ISO 27001 or NIST, the practice of objectivity while undertaking these programs will not only illuminate a company’s cybersecurity strengths and weaknesses (which most likely will be a necessity for establishing cyber liability policy deductibles), but it will also prepare a company for the critical steps it must take throughout a breach experience.
As experts have said, it is no longer a question of “if” we will get breached, but, unfortunately, a matter of “when.” Rather than relying on evolving cyber “insurance” policies, take advantage of risk management processes for an overall “assurance” of your company’s ability to recover from a potentially devastating business disruption.